8

On a fresh install of Fedora 19 I am attempting to change the password to something simple, like Password01 (this is just a simple testing VM, nothing fancy), but the password complexity requirements prevent me from setting anything easy to remember.

How can I bypass the complexity requirements or disable them?

the contents of /etc/pam.d/passwd:

#%PAM-1.0
auth       include  system-auth
account    include  system-auth
password   substack system-auth
-password   optional    pam_gnome_keyring.so use_authtok
password   substack postlogin

Even as root I cannot bypass the requirements:

enter image description here 

justincase@localhost ~ $ sudo -s
[sudo] password for justincase: 
[root@localhost justincase]# passwd justincase
Changing password for user justincase.
New password: 
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: 
[root@localhost justincase]#
Improve this question
6
  • look at /etc/pam.d/common-passwd, or passwd, or something similar Commented Nov 17, 2016 at 17:38
  • 2
    Did you try changing the password from a terminal with sudo passwd <username>? I don't have Fedora, but from what I have read it may give you a warning about the password quality but should still change it. Commented Nov 17, 2016 at 18:54
  • @PaulH. Yes I did try that, it didn't work :/ Commented Nov 17, 2016 at 19:53
  • 2
    Root should still be able to change passwords bypassing requirements. Commented Nov 17, 2016 at 22:21
  • @Roflo See the edited question. Even root does not work. Commented Nov 18, 2016 at 16:17

2 Answers 2

Reset to default
20

As root you can bypass the requirements. Your example shows this happening:

# passwd justincase
Changing password for user justincase.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
#

Notice it does not repeat the New password prompt but instead it asks you to retype the (bad) new password you are entering. If you had continued with the alleged bad password you would have been able to set it as the password for justincase.

Improve this answer
6
  • You can get rid of having to type the password in twice as root by adding <password sufficient pam_rootok.so> at the end of the /etc/pam.d/passwd file or /etc/pam.d/common-password, or whatever pam file the requirement is in. Commented Feb 1, 2019 at 3:20
  • @anotherguy agreed, but that's a different answer. Commented Feb 1, 2019 at 7:17
  • This is very funny...sometimes we could not see what's just in front of us...happened to me many times. Commented Aug 29, 2019 at 15:25
  • If I modify password with root user, the keyring password will be desynchronized Commented May 6, 2021 at 16:16
  • @woprandi this question was asked (and answered) four years ago. Time moves on and it may be that my answer is no longer correct for current systems. I can't comment on keyring password issues (I don't use keyring passwords) so if you have a solution that is more uptodate please do add it as a new answer Commented May 6, 2021 at 16:46
0

I know it is off-topic but I want to make a note here. I am using debian, but I think it should be the same as Fedora.

As usual, I do not set complex password. Somehow the new server (from digitalocean) install unnecessary packages by default.

I just uninstall cracklib-check and it works.

This is only for debian.

apt-get purge libcrack2

see https://www.cyberciti.biz/security/linux-password-strength-checker/

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.